Hungarian Government Spyware Scandal Unfolds
Once again it's been proven that government networks that one might consider to be among the most secure in the world are not immune to malware and insider schemes, and that government entities themselves are still spying on everyone like crazy.
Everyone is familiar with the DoD's reported ownage via spyware last year, for which some members of the U.S. government directly implicated the People's Liberation Army of China. That's cyber-warfare plain and simple, and anyone with an educated opinion likely agrees with me that such activity is going on every day, with most major governments, including the U.S. feds, actively partaking. I mean, it's what they do, right?
But a uniquely intriguing and politically charged spyware scheme has emerged from the Hungarian government's equivalent of the U.S. Secret Service, where officials are blaming a consulting firm for dropping a program on the Hungarian Nemzetbiztonsagi Hivatalbol (NBH)'s network, and claiming that the attack was used to garner information about Hungarian politicos who were already being watched by NBH themselves.
Credit for breaking the story goes to Hungarian news press, specifically the daily Nepszabadsag, with credit for translating their piece and passing it along going to researchers at Sophos, including Graham Cluley, who posted a blog about the incident earlier today.
Apparently, the Hungrian police have already charged an unlucky fellow for dropping the program on the NBH network, he worked for the contractor in question, UD Vagyonvedelmi, who Cluley says employs lots of ex-Hungarian intelligence types.
Now here's where it gets really interesting. According to the report, Janos Toth, the head of the security consulting firm, is suspected of using the spyware bug to gather information he shared with a Hungarian businessman, Sandor Csanyi, about Ibolya David, the head of one of the country's political parties.
But if you read between the lines, it's clear that the government's NBH must have been spying on David as well, or at the very least tracking her movements. David claims to have her own related spy materials, including a CD of Toth and Csanyi chatting about their illicit undertakings in watching her using the spyware program.
Is your head swimming yet?
Toth denies that he is the voice on the CD, so, either he's lying, or perhaps someone else was spying on the political leader too.
Further, there are claims that the consulting company initially planted the spyware program to confirm that the NBH was spying on its own operations.
Man, this is pretty sordid! What the heck is going on in Hungary?
Cluley notes that this isn't the first time that such an incident has been reported, as earlier this year the German foreign intelligence service got busted using spyware to monitor the Afghani government.
"As more and more countries, companies and individuals recognize that computer software gives them the ability to spy on their enemies, competitors and rivals we are bound to see an escalating number of cases of this kind of spyware attack," Cluley notes.
Now imagine all the stuff that's going on that we never even hear about!
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.